Vulnerabilities (CVE)

Filtered by CWE-416
Total 3141 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3352 1 Vim 1 Vim 2022-09-30 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-40278 1 Samsung 1 Tizenrt 2022-09-30 N/A 7.5 HIGH
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
CVE-2021-3392 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2022-09-30 2.1 LOW 3.2 LOW
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2022-38222 1 Xpdfreader 1 Xpdf 2022-09-30 N/A 7.8 HIGH
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2022-0790 1 Google 1 Chrome 2022-09-30 6.8 MEDIUM 9.6 CRITICAL
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-3715 1 Linux 1 Linux Kernel 2022-09-30 7.2 HIGH 7.8 HIGH
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2022-0808 1 Google 1 Chrome 2022-09-30 6.8 MEDIUM 8.8 HIGH
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions.
CVE-2022-41218 1 Linux 1 Linux Kernel 2022-09-30 N/A 5.5 MEDIUM
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2021-46022 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2021-46021 2 Fedoraproject, Gnu 2 Fedora, Recutils 2022-09-30 4.3 MEDIUM 5.5 MEDIUM
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
CVE-2022-3058 1 Google 1 Chrome 2022-09-29 N/A 8.8 HIGH
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
CVE-2022-3197 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-3055 1 Google 1 Chrome 2022-09-29 N/A 8.8 HIGH
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3196 3 Apple, Google, Linux 3 Macos, Chrome, Linux Kernel 2022-09-29 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-3042 1 Google 2 Chrome, Chrome Os 2022-09-29 N/A 8.8 HIGH
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21708 1 Php 1 Php 2022-09-29 6.8 MEDIUM 9.8 CRITICAL
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2022-3038 1 Google 1 Chrome 2022-09-29 N/A 8.8 HIGH
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3049 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2022-09-29 N/A 8.8 HIGH
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3040 1 Google 1 Chrome 2022-09-29 N/A 8.8 HIGH
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3071 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2022-09-29 N/A 8.8 HIGH
Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.